Diffstat (limited to 'src/microhttpd/connection_https.c')
-rw-r--r-- | src/microhttpd/connection_https.c | 127 |
1 files changed, 64 insertions, 63 deletions
diff --git a/src/microhttpd/connection_https.c b/src/microhttpd/connection_https.c index 8202329b..108e1fc6 100644 --- a/src/microhttpd/connection_https.c +++ b/src/microhttpd/connection_https.c | |||
@@ -59,22 +59,22 @@ recv_tls_adapter (struct MHD_Connection *connection, | |||
59 | i); | 59 | i); |
60 | if ( (GNUTLS_E_AGAIN == res) || | 60 | if ( (GNUTLS_E_AGAIN == res) || |
61 | (GNUTLS_E_INTERRUPTED == res) ) | 61 | (GNUTLS_E_INTERRUPTED == res) ) |
62 | { | 62 | { |
63 | #ifdef EPOLL_SUPPORT | 63 | #ifdef EPOLL_SUPPORT |
64 | if (GNUTLS_E_AGAIN == res) | 64 | if (GNUTLS_E_AGAIN == res) |
65 | connection->epoll_state &= ~MHD_EPOLL_STATE_READ_READY; | 65 | connection->epoll_state &= ~MHD_EPOLL_STATE_READ_READY; |
66 | #endif | 66 | #endif |
67 | /* Any network errors means that buffer is empty. */ | 67 | /* Any network errors means that buffer is empty. */ |
68 | connection->tls_read_ready = false; | 68 | connection->tls_read_ready = false; |
69 | return MHD_ERR_AGAIN_; | 69 | return MHD_ERR_AGAIN_; |
70 | } | 70 | } |
71 | if (res < 0) | 71 | if (res < 0) |
72 | { | 72 | { |
73 | /* Likely 'GNUTLS_E_INVALID_SESSION' (client communication | 73 | /* Likely 'GNUTLS_E_INVALID_SESSION' (client communication |
74 | disrupted); interpret as a hard error */ | 74 | disrupted); interpret as a hard error */ |
75 | connection->tls_read_ready = false; | 75 | connection->tls_read_ready = false; |
76 | return MHD_ERR_NOTCONN_; | 76 | return MHD_ERR_NOTCONN_; |
77 | } | 77 | } |
78 | 78 | ||
79 | #ifdef EPOLL_SUPPORT | 79 | #ifdef EPOLL_SUPPORT |
80 | /* Unlike non-TLS connections, do not reset "read-ready" if | 80 | /* Unlike non-TLS connections, do not reset "read-ready" if |
@@ -83,8 +83,9 @@ recv_tls_adapter (struct MHD_Connection *connection, | |||
83 | #endif /* EPOLL_SUPPORT */ | 83 | #endif /* EPOLL_SUPPORT */ |
84 | 84 | ||
85 | /* Check whether TLS buffers still have some unread data. */ | 85 | /* Check whether TLS buffers still have some unread data. */ |
86 | connection->tls_read_ready = ( ((size_t)res == i) && | 86 | connection->tls_read_ready = ( ((size_t) res == i) && |
87 | (0 != gnutls_record_check_pending (connection->tls_session)) ); | 87 | (0 != gnutls_record_check_pending ( |
88 | connection->tls_session)) ); | ||
88 | return res; | 89 | return res; |
89 | } | 90 | } |
90 | 91 | ||
@@ -113,19 +114,19 @@ send_tls_adapter (struct MHD_Connection *connection, | |||
113 | i); | 114 | i); |
114 | if ( (GNUTLS_E_AGAIN == res) || | 115 | if ( (GNUTLS_E_AGAIN == res) || |
115 | (GNUTLS_E_INTERRUPTED == res) ) | 116 | (GNUTLS_E_INTERRUPTED == res) ) |
116 | { | 117 | { |
117 | #ifdef EPOLL_SUPPORT | 118 | #ifdef EPOLL_SUPPORT |
118 | if (GNUTLS_E_AGAIN == res) | 119 | if (GNUTLS_E_AGAIN == res) |
119 | connection->epoll_state &= ~MHD_EPOLL_STATE_WRITE_READY; | 120 | connection->epoll_state &= ~MHD_EPOLL_STATE_WRITE_READY; |
120 | #endif | 121 | #endif |
121 | return MHD_ERR_AGAIN_; | 122 | return MHD_ERR_AGAIN_; |
122 | } | 123 | } |
123 | if (res < 0) | 124 | if (res < 0) |
124 | { | 125 | { |
125 | /* Likely 'GNUTLS_E_INVALID_SESSION' (client communication | 126 | /* Likely 'GNUTLS_E_INVALID_SESSION' (client communication |
126 | disrupted); interpret as a hard error */ | 127 | disrupted); interpret as a hard error */ |
127 | return MHD_ERR_NOTCONN_; | 128 | return MHD_ERR_NOTCONN_; |
128 | } | 129 | } |
129 | #ifdef EPOLL_SUPPORT | 130 | #ifdef EPOLL_SUPPORT |
130 | /* Unlike non-TLS connections, do not reset "write-ready" if | 131 | /* Unlike non-TLS connections, do not reset "write-ready" if |
131 | * sent amount smaller than provided amount, as TLS | 132 | * sent amount smaller than provided amount, as TLS |
@@ -151,32 +152,32 @@ MHD_run_tls_handshake_ (struct MHD_Connection *connection) | |||
151 | 152 | ||
152 | if ((MHD_TLS_CONN_INIT == connection->tls_state) || | 153 | if ((MHD_TLS_CONN_INIT == connection->tls_state) || |
153 | (MHD_TLS_CONN_HANDSHAKING == connection->tls_state)) | 154 | (MHD_TLS_CONN_HANDSHAKING == connection->tls_state)) |
155 | { | ||
156 | ret = gnutls_handshake (connection->tls_session); | ||
157 | if (ret == GNUTLS_E_SUCCESS) | ||
154 | { | 158 | { |
155 | ret = gnutls_handshake (connection->tls_session); | 159 | /* set connection TLS state to enable HTTP processing */ |
156 | if (ret == GNUTLS_E_SUCCESS) | 160 | connection->tls_state = MHD_TLS_CONN_CONNECTED; |
157 | { | 161 | MHD_update_last_activity_ (connection); |
158 | /* set connection TLS state to enable HTTP processing */ | 162 | return true; |
159 | connection->tls_state = MHD_TLS_CONN_CONNECTED; | 163 | } |
160 | MHD_update_last_activity_ (connection); | 164 | if ( (GNUTLS_E_AGAIN == ret) || |
161 | return true; | 165 | (GNUTLS_E_INTERRUPTED == ret) ) |
162 | } | 166 | { |
163 | if ( (GNUTLS_E_AGAIN == ret) || | 167 | connection->tls_state = MHD_TLS_CONN_HANDSHAKING; |
164 | (GNUTLS_E_INTERRUPTED == ret) ) | 168 | /* handshake not done */ |
165 | { | ||
166 | connection->tls_state = MHD_TLS_CONN_HANDSHAKING; | ||
167 | /* handshake not done */ | ||
168 | return false; | ||
169 | } | ||
170 | /* handshake failed */ | ||
171 | connection->tls_state = MHD_TLS_CONN_TLS_FAILED; | ||
172 | #ifdef HAVE_MESSAGES | ||
173 | MHD_DLOG (connection->daemon, | ||
174 | _("Error: received handshake message out of context\n")); | ||
175 | #endif | ||
176 | MHD_connection_close_ (connection, | ||
177 | MHD_REQUEST_TERMINATED_WITH_ERROR); | ||
178 | return false; | 169 | return false; |
179 | } | 170 | } |
171 | /* handshake failed */ | ||
172 | connection->tls_state = MHD_TLS_CONN_TLS_FAILED; | ||
173 | #ifdef HAVE_MESSAGES | ||
174 | MHD_DLOG (connection->daemon, | ||
175 | _ ("Error: received handshake message out of context\n")); | ||
176 | #endif | ||
177 | MHD_connection_close_ (connection, | ||
178 | MHD_REQUEST_TERMINATED_WITH_ERROR); | ||
179 | return false; | ||
180 | } | ||
180 | return true; | 181 | return true; |
181 | } | 182 | } |
182 | 183 | ||
@@ -205,23 +206,23 @@ bool | |||
205 | MHD_tls_connection_shutdown (struct MHD_Connection *connection) | 206 | MHD_tls_connection_shutdown (struct MHD_Connection *connection) |
206 | { | 207 | { |
207 | if (MHD_TLS_CONN_WR_CLOSED > connection->tls_state) | 208 | if (MHD_TLS_CONN_WR_CLOSED > connection->tls_state) |
209 | { | ||
210 | const int res = | ||
211 | gnutls_bye (connection->tls_session, GNUTLS_SHUT_WR); | ||
212 | if (GNUTLS_E_SUCCESS == res) | ||
213 | { | ||
214 | connection->tls_state = MHD_TLS_CONN_WR_CLOSED; | ||
215 | return true; | ||
216 | } | ||
217 | if ((GNUTLS_E_AGAIN == res) || | ||
218 | (GNUTLS_E_INTERRUPTED == res)) | ||
208 | { | 219 | { |
209 | const int res = | 220 | connection->tls_state = MHD_TLS_CONN_WR_CLOSING; |
210 | gnutls_bye (connection->tls_session, GNUTLS_SHUT_WR); | 221 | return true; |
211 | if (GNUTLS_E_SUCCESS == res) | ||
212 | { | ||
213 | connection->tls_state = MHD_TLS_CONN_WR_CLOSED; | ||
214 | return true; | ||
215 | } | ||
216 | if ((GNUTLS_E_AGAIN == res) || | ||
217 | (GNUTLS_E_INTERRUPTED == res)) | ||
218 | { | ||
219 | connection->tls_state = MHD_TLS_CONN_WR_CLOSING; | ||
220 | return true; | ||
221 | } | ||
222 | else | ||
223 | connection->tls_state = MHD_TLS_CONN_TLS_FAILED; | ||
224 | } | 222 | } |
223 | else | ||
224 | connection->tls_state = MHD_TLS_CONN_TLS_FAILED; | ||
225 | } | ||
225 | return false; | 226 | return false; |
226 | } | 227 | } |
227 | 228 | ||